12-21-2009 05:44 AM
Custom with PIX515E, IOS 7.0.7
I need to add a further site-to-site VPN.
In this case, however, our partner asks us not to present the private IP of the inside net, but a NATted one.
On our part, it is all of our LAN that must participate in the VPN.
Configured and tried, but it doesn't work...
For another client, I have already made a similar VPN, but in that case the inside LAN was a single host, with a static NAT.
In this case, I have a dynamic NAT of the whole net.
I have not found any documentation that covers this scenario; it seems that it works only with static NAT - also of the whole net, but always static.
Does someone have some idea?
Thanks
12-21-2009 08:54 AM
Hi, work with this doc as an example. Use policy NAT.
12-21-2009 09:26 AM
I already know this document.
But in the example a STATIC NAT has been used for the whole LAN, 1:1.
I have only ONE IP for all the LAN, so how can I configure a static NAT? I believe I can't.
Regards
12-21-2009 11:25 AM
You will have to PAT.
One IP, say the public IP (10.20.20.20): use it to PAT your inside LAN to connect to the other tunnel LAN.
Say the other side's LAN hosts are 172.16.10.10 and 172.16.10.11; create an ACL and add it to your crypto map policy for that tunnel.
access-list OTHER_L2L extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.10
access-list OTHER_L2L extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.11
global (outside) 2 10.20.20.20
nat (inside) 2 access-list OTHER_L2L
Regards
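An added example, not part of any post in this thread: the policy PAT from the last reply written out together with the crypto map entry for PIX 7.x, with the tunnel's interesting-traffic ACL matching the translated source, because outbound NAT is applied before the crypto map is evaluated. The names POLICY_PAT, CRYPTO_L2L and OUTSIDE_MAP and the sequence number 20 are assumptions, and the values in angle brackets are placeholders to replace with the site's own.

```cisco
! --- Policy PAT: only traffic from the inside LAN to the partner hosts
! --- is translated to the single agreed address 10.20.20.20.
access-list POLICY_PAT extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.10
access-list POLICY_PAT extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.11
global (outside) 2 10.20.20.20
nat (inside) 2 access-list POLICY_PAT

! --- Crypto ACL: written against the post-NAT source address, since that
! --- is what the packet carries when it reaches the crypto map.
access-list CRYPTO_L2L extended permit ip host 10.20.20.20 host 172.16.10.10
access-list CRYPTO_L2L extended permit ip host 10.20.20.20 host 172.16.10.11

! --- Tunnel entry (map name and sequence number are assumed).
crypto map OUTSIDE_MAP 20 match address CRYPTO_L2L
crypto map OUTSIDE_MAP 20 set peer <PARTNER_PEER_IP>
crypto map OUTSIDE_MAP 20 set transform-set <TRANSFORM_SET_NAME>

! --- Check that no existing "nat (inside) 0 access-list ..." exemption
! --- matches 10.0.0.0/8 -> 172.16.10.10/11; NAT exemption is evaluated
! --- first and would send the private addresses into the tunnel.
! --- Verify after sending traffic from an inside host:
! ---   show xlate              (PAT entries on 10.20.20.20)
! ---   show crypto ipsec sa    (local ident 10.20.20.20, encaps increasing)
```

Because this is PAT rather than a 1:1 static translation, sessions can only be opened from the inside LAN toward the partner; the partner cannot initiate connections to individual inside hosts through 10.20.20.20.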